XSS vulnerability and information leak in user options CGI

Bug #1747209 reported by Mark Sapiro on 2018-02-03
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
GNU Mailman
High
Mark Sapiro

Bug Description

CVE-2018-5950

A crafted URL for a user options page can cause a browser to execute arbitrary script encoded in the URL.

Also, in developing a fix for this issue it was discovered that a user options URL with a VARHELP query fragment would display the user options page without requiring login. No changes could be made and the settings revealed are not particularly sensitive, but this could be used to fish for membership on a list with a private roster.

Thanks to Calum Hutton for the original report.

Related branches

CVE References

Mark Sapiro (msapiro) wrote :
description: updated
Mark Sapiro (msapiro) on 2018-02-04
information type: Private Security → Public
Mark Sapiro (msapiro) on 2018-02-04
Changed in mailman:
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers